ID.RA-05:
Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization
Implementation Examples
Ex1:
Develop threat models to better understand risks to the data and identify appropriate risk responses
Ex2:
Prioritize cybersecurity resource allocations and investments based on estimated likelihoods and impacts